Lucene search
WpvulndbWPEX-ID:680121FE-6668-4C1A-A30D-E70DD9BE5AACHistoryMar 30, 2022 - 12:00 a.m.
Cab fare calculator < 1.0.4 - Unauthenticated LFI
2022-03-3000:00:00
wpvulndb
97
cab fare calculator
version 1.0.4
unauthenticated
lfi
exploit
EPSS
0.03
Percentile
91.0%
The plugin does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. Despite what the original advisory claims, the issue is not exploitable by accessing the file directly as a fatal error is triggered before the vulnerable code is reached, however can be exploited by unauthenticated attackers via other requests
https://example.com/?controller=../../../index&action=1&ajax=1
https://example.com/?controller=../../../index&action=1&pg=tblightRelated
wpvulndb
wpvulndb
Cab fare calculator < 1.0.4 - Unauthenticated LFI
2022-03-30 00:00:00
nvd
nvd
CVE-2022-1391
2022-04-25 16:16:08
cve
cve
CVE-2022-1391
2022-04-25 16:16:08
cnvd
cnvd
WordPress plugin Cab fare calcula file contains vulnerability
2022-04-27 00:00:00
prion
prion
Input validation
2022-04-25 16:16:00
nuclei
nuclei
WordPress Cab fare calculator < 1.0.4 - Local File Inclusion
2022-03-30 05:35:04
cvelist
cvelist
CVE-2022-1391 Cab fare calculator < 1.0.4 - Unauthenticated LFI
2022-04-25 15:51:26